added enable_br_netfilter env var

2025-07-14 15:46:03 +00:00 · 2025-02-28 19:25:26 +05:30 · 2025-02-28 19:25:26 +05:30 · 1add22bc39
commit 1add22bc39
parent a274d25252
3 changed files with 23 additions and 0 deletions
--- a/cluster/defaults.go
+++ b/cluster/defaults.go
@ -762,6 +762,12 @@ func (c *Cluster) setClusterDNSDefaults() error {
 func (c *Cluster) setClusterNetworkDefaults() {
 	setDefaultIfEmpty(&c.Network.Plugin, DefaultNetworkPlugin)

+	// set enable_br_netfilter to true by default since it is required for network plugins
+	if c.Network.EnableBrNetfilter == nil {
+		enableBrNetfilter := true
+		c.Network.EnableBrNetfilter = &enableBrNetfilter
+	}
+
 	if c.Network.Options == nil {
 		// don't break if the user didn't define options
 		c.Network.Options = make(map[string]string)
--- a/cluster/plan.go
+++ b/cluster/plan.go
@ -68,6 +68,7 @@ const (
 	KubeletDualStackNameEnv          = "RKE_KUBELET_CRIDOCKERD_DUALSTACK"
 	CRIDockerdStreamServerAddressEnv = "CRIDOCKERD_STREAM_SERVER_ADDRESS"
 	CRIDockerdStreamServerPortEnv    = "CRIDOCKERD_STREAM_SERVER_PORT"
+	KubeProxyBrNetfilterNameEnv      = "RKE_KUBE_PROXY_BR_NETFILTER"
 )

 var (
@ -775,6 +776,10 @@ func (c *Cluster) BuildKubeProxyProcess(host *hosts.Host, serviceOptions v3.Kube
 		Env = append(Env, c.getWindowsEnv(host)...)
 	}

+	if c.EnableBrNetfilter() {
+		Env = append(Env, fmt.Sprintf("%s=%s", KubeProxyBrNetfilterNameEnv, "true"))
+	}
+
 	for arg, value := range host.GetExtraArgs(kubeproxy.BaseService) {
 		CommandArgs[arg] = value
 	}
@ -1324,6 +1329,16 @@ func (c *Cluster) IsCRIDockerdEnabled() bool {
 	return false
 }

+func (c *Cluster) EnableBrNetfilter() bool {
+	if c == nil {
+		return false
+	}
+	if c.Network.EnableBrNetfilter != nil && *c.Network.EnableBrNetfilter {
+		return true
+	}
+	return false
+}
+
 func (c *Cluster) multipleCIDRsConfigured() bool {
 	if c == nil {
 		logrus.Debug("multipleCIDRsConfigured: Returning false, cluster object is nil")
--- a/types/rke_types.go
+++ b/types/rke_types.go
@ -409,6 +409,8 @@ type NetworkConfig struct {
 	UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"`
 	// Tolerations for Deployments
 	Tolerations []v1.Toleration `yaml:"tolerations" json:"tolerations,omitempty"`
+	// Enable/Disable br_netfilter on nodes
+	EnableBrNetfilter *bool `yaml:"enable_br_netfilter" json:"enableBrNetfilter" norman:"default=true"`
 }

 type AuthWebhookConfig struct {